<?php 
/*
* StiPHPcms, A web Content management System made with PHP/MySQL
* JordSti : jord52@gmail.com
* Version : 0.0.2
*
* Copyright (C) 2009  jord52@gmail.com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/


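include "core/main.php";

// $cms_config is not defined in this file; presumably core/main.php provides it.
$cms = new CMSPage($cms_config);

$cms->init();

// Every task on this page reads or changes the signed-in user's account,
// so an anonymous request must never get past this point.
if(!$cms->isUserLog())
{
	$cms->error('','index.php');
	// Fail closed: error() is defined outside this file, so do not rely on it
	// ending the request. Without this, an anonymous visitor could fall
	// through to the account queries below.
	exit;
}

// The id is interpolated unquoted into the SQL statements further down.
// Forcing it to an integer means a malformed or tampered session value can
// never change the shape of those queries; a missing value becomes 0, which
// matches no row.
$user_id = isset($_SESSION['user_id']) ? (int)$_SESSION['user_id'] : 0;

// Task selector from the query string; "default" shows the account forms.
// The value is only ever compared against fixed strings, never executed or included.
$task = isset($_GET['t']) ? $_GET['t'] : 'default';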

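// Dispatches the account page on $task:
//   default  - render the change-password and change-email forms
//   chpasswd - verify the current password, then store the new one
//   chemail  - validate and store a new e-mail address
// Anything else is rejected.
//
// error() is defined outside this file; each call below is followed by an
// explicit exit so a rejection is final whether or not error() itself ends
// the request. Otherwise a failed check could fall through to the UPDATE.

// The id is interpolated unquoted into every query in this chain, so force it
// to an integer here no matter how the session value was stored.
$uid = (int)$user_id;

// Strict comparisons: only the exact task strings match, and a non-string
// "t" parameter (e.g. an array) ends up in the final else branch.
if($task==='default')
{
	$cms->renderHeader($cms->lang['my_account']);
	$cms->renderMenu();
	
	$dt = $cms->sql_query("SELECT email FROM %prefix%users WHERE id=$uid");
	
	$data = mysql_fetch_array($dt);
	
	// Escape at the point of output instead of trusting how the value was
	// stored. ENT_QUOTES covers both quote styles; double_encode=false keeps
	// entities written by the chemail task (which stores htmlentities()
	// output) from being encoded a second time. A single-byte charset is
	// passed so no byte sequence is rejected as malformed; only the ASCII
	// metacharacters are rewritten.
	$current_email = is_array($data) ? (string)$data['email'] : '';
	$current_email = htmlspecialchars($current_email, ENT_QUOTES, 'ISO-8859-1', false);
	
	// NOTE(review): neither form carries an anti-CSRF token. The password
	// form is partly covered because it demands the current password; the
	// e-mail form is not. Add a per-session token here and verify it in the
	// handlers below once the CMS core offers one.
	$html = '<form method="post" action="myaccount.php?t=chpasswd">
	<fieldset>
	<legend>'.$cms->lang['change_password'].'</legend>
	<p>
	<label for="currentpassword">'.$cms->lang['current_password'].' : </label>
	<input name="currentpassword" id="currentpassword" type="password" tabindex="10" size="16" maxlength="32" >
	</p>
	<p>
	<label for="newpassword">'.$cms->lang['new_password'].' : </label>
	<input name="newpassword" id="newpassword" type="password" tabindex="20" size="16" maxlength="32" >
	</p>
	<p>
	<label for="newpassword2">'.$cms->lang['new_password_confirm'].' : </label>
	<input name="newpassword2" id="newpassword2" type="password" tabindex="30" size="16" maxlength="32" >
	</p>
	<p>
	<input type="submit" value="'.$cms->lang['save'].'">
	</p>
	</fieldset>
	</form>
	<form method="post" action="myaccount.php?t=chemail">
	<fieldset>
	<legend>'.$cms->lang['change_email'].'</legend>
	<p>
	<label for="email">'.$cms->lang['email'].' : </label>
	<input name="email" id="email" type="text" tabindex="10" value="'.$current_email.'" size="24" maxlength="64" >
	</p>
	<p>
	<input type="submit" value="'.$cms->lang['save'].'">
	</p>
	</fieldset>
	</form>';
	
	$cms->addFrame($cms->lang['my_account'],$html);
	$cms->close();
}
else if($task==='chpasswd')
{
	$dt = $cms->sql_query("SELECT password FROM %prefix%users WHERE id=$uid");
	
	$data = mysql_fetch_array($dt);
	// No row (unknown id) yields an empty hash, which is rejected below.
	$old_pass_hash = is_array($data) ? (string)$data['password'] : '';
	
	$old_pass = isset($_POST['currentpassword']) ? $_POST['currentpassword'] : '';
	$new_pass = isset($_POST['newpassword']) ? $_POST['newpassword'] : '';
	$new_pass_confirm = isset($_POST['newpassword2']) ? $_POST['newpassword2'] : '';
	
	// Form fields can arrive as arrays (name[]=...). md5() and strlen() do not
	// handle those meaningfully, so reject anything that is not a plain string.
	if(!is_string($old_pass) || !is_string($new_pass) || !is_string($new_pass_confirm))
	{
		$cms->error($cms->lang['password_mismatch']);
		exit;
	}
	
	// Strict comparison: loose != treats two numeric-looking strings as
	// numbers, so different hashes could compare equal.
	// NOTE(review): unsalted MD5 is not suitable for password storage. Moving
	// to password_hash()/password_verify() needs matching changes in the login
	// and registration code, which is not visible from this file.
	if($old_pass_hash==='' || $old_pass_hash!==md5($old_pass))
	{
		$cms->error($cms->lang['password_mismatch']);
		exit;
	}
	
	// Server-side minimum length; the maxlength attributes in the form are
	// only a browser hint and are not enforced here.
	if(strlen($new_pass)<8)
	{
		$cms->error($cms->lang['password_too_small']);
		exit;
	}
	
	if($new_pass!==$new_pass_confirm)
	{
		$cms->error($cms->lang['password_mismatch']);
		exit;
	}
	
	// md5() output is 32 hex characters, so it is safe inside the quoted literal.
	$new_pass_hash = md5($new_pass);
	$cms->sql_query("UPDATE %prefix%users SET password='$new_pass_hash' WHERE id=$uid");
	
	$cms->renderHeader('',true,'myaccount.php');
	$cms->renderMenu();
	$cms->addFrame('','<h2>'.$cms->lang['password_changed'].'</h2>');
	$cms->close();
		
}
else if($task==='chemail')
{
	// NOTE(review): this change needs neither the current password nor an
	// anti-CSRF token. If the e-mail address is used for password recovery,
	// require re-authentication before accepting a new one.
	$raw_email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
	
	// Full syntax check in place of the old "contains an @" test, which used
	// the deprecated ereg().
	if($raw_email==='' || filter_var($raw_email, FILTER_VALIDATE_EMAIL)===false)
	{
		$cms->error($cms->lang['email_invalid']);
		exit;
	}
	
	// The stored value stays entity-encoded, as before; other pages may print
	// it without further escaping (not visible from this file).
	$email = htmlentities($raw_email);
	
	// SQL escaping is the last transformation before the value enters the
	// query, so nothing that runs afterwards can undo it.
	// Presumably this uses the connection opened by the CMS core - confirm.
	$email = mysql_real_escape_string($email);
	
	$cms->sql_query("UPDATE %prefix%users SET email='$email' WHERE id=$uid");
	
	$cms->renderHeader('',true,'myaccount.php');
	$cms->renderMenu();
	$cms->addFrame('','<h2>'.$cms->lang['email_changed'].'</h2>');
	$cms->close();
}
else {
	// Unknown task: reject instead of guessing.
	$cms->error('','index.php');
	exit;
}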

?>